I’ve just been checking what’s in the Queen’s Speech about the Snoopers’ Charter. The details of the speech can be found here. This is the relevant section:
Proposals on the investigation of crime in cyberspace
“In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.”
The Government is committed to ensuring that law enforcement and intelligence agencies have the powers they need to protect the public and ensure national security. These agencies use communications data – the who, when, where and how of a communication, but not its content – to investigate and prosecute serious crimes. Communications data helps to keep the public safe: it is used by the police to investigate crimes, bring offenders to justice and to save lives.
This is not about indiscriminately accessing internet data of innocent members of the public.
As the way in which we communicate changes, the data needed by the police is no longer always available. While they can, where necessary and proportionate to do so as part of a specific criminal investigation, identify who has made a telephone call (or sent an SMS text message), and when and where, they cannot always do the same for communications sent over the internet, such as email, internet telephony or instant messaging. This is because communications service providers do not retain all the relevant data.
When communicating over the Internet, people are allocated an Internet Protocol (IP) address. However, these addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them.
The Government is looking at ways of addressing this issue with CSPs. It may involve legislation.
The Government published its draft proposals last year. The cross-party Joint Committee that scrutinised our draft provisions, and the Intelligence and Security Committee, both recognised the need to tackle this problem in legislation. We are continuing to look at this issue closely and the Government’s approach will be proportionate, with robust safeguards in place. This is not about indiscriminately accessing internet data of innocent members of the public, it is about ensuring that police and other law enforcement agencies have the powers they need to investigate the activities of criminals that takes place online as well as offline.
So what does this mean? Well, it’s a little hard to tell at this stage – and the devil will be in the detail. What it does seem to mean, at least to me, is that the Snoopers’ Charter isn’t completely dead – the government says that it ‘may involve legislation’ – but that the government isn’t going full steam ahead by any means. We do, however, need to remain vigilant, and in a big way.
The biggest problem, and something that the government seems to refuse to acknowledge or even notice, is that they’re still focusing on the ‘access’ point as the place where controls need to be placed. That’s a fundamental error – control should be at the gathering stage, to minimise the data that’s gathered, to target before gathering, not before accessing. At the moment, they still seem to be focussing on a ‘gather everything’, control access approach – an approach which, as I’ve written many times before, leaves the door open for misuse, for function creep, and for the data and systems to be vulnerable.
It’s a fundamental axiom of data that wherever and however data is held, it can be vulnerable. The only way to cut out the possibility of vulnerability – and indeed to avoid function creep – is not to gather the data in the first place.
I don’t know why they refuse to even acknowledge that point – it suggests a complete misunderstanding of a key issue. I’m not sure whether it would be worse that they have misunderstood, or that they’ve understood but decided not to talk about this – or even that they’re being deliberately deceptive. Whichever one it is, it’s not good at all. I hope they can, or will, accept and understand this at some point.
A couple of things have happened today (Thursday 9th May). The first is the Theresa May seems to have effectively said she wants to go ahead with original plan – she seems, on the face of it, to have learned almost nothing from the way that the original bill was so roundly criticised. The second is that Lib Dems – most notably Julian Huppert (who happens to be my MP) – have made it clear that it won’t happen, and that all that’s possible is a very limited piece of legislation based around the IP address issue. Moreover, Julian Huppert reminded me (via twitter) that the parliamentary timetable is against them:
- If Nick Clegg was as clearly against the bill as he has said, why did he allow the vagueness and ambiguity in the text (see above) to happen?
- Why is Theresa May still pushing for the bill – and seemingly briefing journalists that the bill is still possible?
It may be that this is all jockeying for position for the next election – Theresa May is setting out her stall as a ‘law and order’ candidate, and trying to set the agenda for the next Tory manifesto. If so, it makes it all the more important that there isn’t a Tory majority government next time around. The fact that May seems to have been supported in her aims at least to an extent by Yvette Cooper for Labour is even more worrying – Labour’s record over civil liberties has been pretty abysmal over the last couple of decades at least, so it should be no surprise, but it should also focus the minds of those of us opposed to surveillance. Labour needs to come on board – but getting that to happen will be no small feat.
Indeed, that’s the bottom line with all of this. Politicians need to be convinced that taking the side of civil liberties over authoritarianism is a vote winner. Ultimately, that’s probably all they care about. I think it can be a vote winner – the Snoopers’ Charter lost the battle of hearts and minds last year, to a great extent because people don’t like the idea of a Big Brother state. Privacy is still popular – indeed, given the threats it faces, it may be more popular than ever. It needs to be….